Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 22:56
Static task: static1
Behavioral task: behavioral1
Sample: a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe
Size: 784KB
MD5
a2cf05d87b0cfd7149287f003b383b35
SHA1
1ada1a29a6736ed7a94d332fff4911d314c6e800
SHA256
69762813ce27fe79c560fb43e2bca400b5b09af2b48d525e91bb41031ca0d1bc
SHA512
ef1573c899ddf581da3aebbd6a9d4b680784087e663da332dbc70712e0b2cf85620e7e14a9e51f24793451e38a50ec0fbc536b0e7f5fa1d693c7b4513059b013
SSDEEP
12288:4NLZ/0ZzhEtGOPnA7Bx3+J2FT9/CZ0w100eWnzD/2hqCC6LejPE:4NR2zaQBt37/CZ0w1PeWnzqhqCC6+PE
Malware Config
Signatures
Script User-Agent (1 IoCs)
Uses user-agent string associated with script host/environment.
description: HTTP User-Agent header; flow: 3; ioc: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious use of FindShellTrayWindow (2 IoCs)
pid: 3032; Process: a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe
pid: 3032; Process: a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe
Suspicious use of SendNotifyMessage (2 IoCs)
pid: 3032; Process: a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe
pid: 3032; Process: a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe